Oracle MySQL Eventum Multiple Cross Site Scripting Vulnerabilities Network Vulnerability

Summary

This host is running Oracle MySQL Eventum and is prone to multiple cross site scripting vulnerabilities.

Impact

Successful exploitation will allow attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Impact Level: Application

Solution

Upgrade to MySQL Eventum version 2.3.1 or later. For updates refer to http://forge.mysql.com/wiki/Eventum

Insight

Multiple flaws are due to an error in '/htdocs/list.php', '/htdocs/forgot_password.php' and '/htdocs/select_project.php', which is not properly validating the input passed to the 'keywords' parameter.

Affected

MySQL Eventum version 2.2 and 2.3

References

http://packetstormsecurity.org/files/view/98423/ZSL-2011-4989.txt

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 4.6 AV:N/AC:H/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Apache Struts2 'XWork' Information Disclosure Vulnerability
7Media Web Solutions EduTrac Directory Traversal Vulnerability
AlienForm CGI script
Apache Tomcat Information Disclosure Vulnerability
Apache Tomcat source.jsp malformed request information disclosure

Take action and discover your vulnerabilities